Guide for wireguard

[927589452]

Add a guide for wireguard (go implementation https://git.zx2c4.com/wireguard-go/about/ ) to span mutliple uberpaces as an alternative to ssh tunnels

[luto]

The project says "YOU SHOULD NOT RUN THIS ON LINUX", but does not provide any reasons, except for there being a presumably faster/better kernel module. Can you please take a look, if there are any more substantial ones?

[927589452]

Will do

[ki9us]

Does Wireguard work on Uberspace?

[luto]

The original wireguard won't work, because it requires a kernel module. The Go version linked above could work, if you want to give it a try and write a guide!

[ki9us]

Looks like I need some permissions to create the interface:

ERROR: (wg0) 2020/01/27 17:17:32 Failed to create TUN device: operation not permitted

I tried BoringTun and got a similar result:

Failed to initialize tunnel: IOCtl("Operation not permitted")

[Tooa]

@keith24 thanks for trying this out. I would love to see Wireguard support in Uberspace. Sad to hear that the userspace implementations (Rust & Go) cannot be installed (yet?).

@luto I know this repo is about the Uberspace documentation, but any chance that the Uberspace ops team could have a closer look at the Wireguard installation?

[luto]

The rust and go implementations need to create TUN devices just like the in-kernel one. We cannot allow users to modify the network configuration. So wireguard won't work on an uberspace for the same reasons all the other VPN solutions won't work. A notable exception being the good, old (and still active!) sshuttle.

If there is a way to run wireguard without a TUN devices, feel free to reopen this issue and submit a guide!

Sorry, folks.

[christoph-nils]

The program onetun can create a wireguard tunnel for a single IP:port in userland. This can be used on Uberspace and with a web backend it can also be used to make the http service available via https.